<?php
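	require_once("../includes/config.php");

	// Authorization gate for the whole page: only sessions whose role value
	// $_SESSION['r'] is numeric and not greater than 1 may continue.
	// Fail closed: with the original `$_SESSION['r'] > 1` test a session that
	// has no role at all compared as "not greater than 1" and was let through,
	// and the loose `== 0` checks further down would then treat it as role 0.
	// NOTE(review): presumably config.php starts the session and defines
	// redirect(); neither is visible in this file — confirm.
	if (!isset($_SESSION['r']) || !is_numeric($_SESSION['r']) || $_SESSION['r'] > 1)
	{
		$_SESSION['error_message'] = "غير مسموح";
		redirect("index.php");
		// Stop here explicitly so nothing below runs for a rejected request.
		die();
	}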
	//Making Sure The Image Size Isn't Bigger Than X and Y and resize it if needed
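	/**
	 * Shrink an image file in place so that it fits inside a bounding box,
	 * keeping its aspect ratio.
	 *
	 * The file is first parsed with getimagesize(); anything that is not a
	 * recognisable image is rejected. This matters for callers that use the
	 * return value to decide whether to keep an uploaded file: previously a
	 * non-image produced null dimensions, compared as "small enough" and
	 * returned true.
	 *
	 * A true result only says the content parsed as an image and fits the box.
	 * When no resize is needed the file extension is not checked at all, so the
	 * caller remains responsible for restricting file names and extensions.
	 *
	 * NOTE(review): no upper bound on the declared pixel dimensions is enforced
	 * before decoding; callers accepting uploads may want to cap width*height.
	 *
	 * @param string $image   Path of the image file; overwritten when a resize happens.
	 * @param int    $dwidth  Maximum width in pixels.
	 * @param int    $dheight Maximum height in pixels.
	 * @return bool true if the image already fits or was resized and replaced;
	 *              false if the file is not a readable image, its extension is
	 *              not jpg/jpeg/gif/png or does not match its content, or any
	 *              decode/encode/rename step fails.
	 */
	function image_resize($image,$dwidth=125,$dheight=100)
	{
		if (!is_string($image)||!is_file($image))
		{
			return false;
		}

		// getimagesize() returns false for content it cannot parse as an image.
		$info=getimagesize($image);
		if ($info===false)
		{
			return false;
		}
		list($width,$height)=$info;

		// Nothing to do when the image already fits the box.
		if ($width<=$dwidth&&$height<=$dheight)
		{
			return true;
		}
		// A zero dimension cannot be scaled (and would divide by zero below).
		if ($width<1||$height<1)
		{
			return false;
		}

		// One scale factor for both axes. The original scaled the width a second
		// time from the already-reduced value when both limits were exceeded,
		// which squeezed the result (1000x1000 became 13x100 instead of 100x100).
		$scale=min($dwidth/$width,$dheight/$height);
		$nwidth=max(1,(int) round($width*$scale));
		$nheight=max(1,(int) round($height*$scale));

		// The extension selects the codec; it must agree with the detected
		// content type so a mislabelled file is refused instead of being fed
		// to the wrong decoder.
		$type=strtolower(pathinfo($image,PATHINFO_EXTENSION));
		$codecs=array("jpg"=>IMAGETYPE_JPEG,"jpeg"=>IMAGETYPE_JPEG,"gif"=>IMAGETYPE_GIF,"png"=>IMAGETYPE_PNG);
		if (!isset($codecs[$type])||$codecs[$type]!==$info[2])
		{
			return false;
		}

		if ($type=="gif")
		{
			$source=imagecreatefromgif($image);
		}
		elseif ($type=="png")
		{
			$source=imagecreatefrompng($image);
		}
		else
		{
			$source=imagecreatefromjpeg($image);
		}
		if (!$source)
		{
			return false;
		}

		$canvas=imagecreatetruecolor($nwidth,$nheight);
		if (!$canvas)
		{
			return false;
		}
		// Keep transparency for the formats that support it.
		if ($type=="png"||$type=="gif")
		{
			imagealphablending($canvas,false);
			imagesavealpha($canvas,true);
		}

		if (!imagecopyresampled($canvas,$source,0,0,0,0,$nwidth,$nheight,$width,$height))
		{
			return false;
		}

		// Write next to the original, then swap, so a failed encode never
		// leaves a truncated file under the real name.
		$temp=$image."_temp";
		if ($type=="gif")
		{
			$saved=imagegif($canvas,$temp);
		}
		elseif ($type=="png")
		{
			$saved=imagepng($canvas,$temp,1);
		}
		else
		{
			$saved=imagejpeg($canvas,$temp,90);
		}

		if ($saved&&rename($temp,$image))
		{
			return true;
		}

		// Do not leave the temporary file behind on failure.
		if (is_file($temp))
		{
			unlink($temp);
		}
		return false;
	}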
  
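	  // Create a user account from the submitted form.
	  // NOTE(review): no anti-CSRF token is checked in this file; confirm whether
	  // config.php enforces one, since this request creates privileged accounts.
	  if($_SERVER["REQUEST_METHOD"] == "POST"&&isset($_POST['type'])&&$_POST['type']!="")
	  {
	  	// The requested role decides which privileges the new account gets, so it
	  	// must be a plain non-negative integer. A non-numeric string compared with
	  	// `< 2` is not reliably "less than 2", which let the role restriction
	  	// below be skipped.
	  	// NOTE(review): the highest valid role number is not visible here — add an
	  	// upper bound once it is known.
	  	$type=filter_var($_POST['type'],FILTER_VALIDATE_INT,array("options"=>array("min_range"=>0)));
	  	$username=(isset($_POST['username'])&&is_string($_POST['username']))?$_POST['username']:"";
	  	$password=(isset($_POST['password'])&&is_string($_POST['password']))?$_POST['password']:"";
	  	if ($type===false||$username===""||$password==="")
	  	{
	  		$_SESSION['error_message']= "حدث خطأ";
	  		redirect("usersManage.php");
	  		die();
	  	}

	  	// Role of the logged-in user. A missing or non-numeric role is never
	  	// treated as role 0.
	  	$role=(isset($_SESSION['r'])&&is_numeric($_SESSION['r']))?(int) $_SESSION['r']:null;
	  	if (($role!==0&&$role!==1)||($role===1&&$type<2))
	  	{
	  		// Either the session has no usable role, or a CEO (role 1) is trying
	  		// to add an admin or CEO.
	  		$_SESSION['error_message'] = "غير مسموح";
	  		redirect("index.php");
	  		die();
	  	}

	  	$sql= query('SELECT * FROM apartments_owner WHERE username = ?',$username);
	  	if(!empty($sql))
	  	{
	  		$_SESSION['error_message']="اسم المستخدم موجود مسبقاً";
	  		redirect("usersManage.php");
	  		die();
	  	}

	  	// NOTE(review): unsalted SHA-1 is not a password hash. Moving to
	  	// password_hash()/password_verify() needs a matching change in the login
	  	// code, which is not in this file, so the stored format is left as is.
	  	$pass = sha1($password);

	  	if ($role===1||$type>1)
	  	{
	  		// Account that belongs to the creator: `id` is the creator's id.
	  		$sql= query("INSERT INTO apartments_owner(first_name ,role,last_name
	  		,username , password ,email ,phone ,id) VALUES (?,?,?,?,?,?,?,?)"
	  		,$_POST['first_name'],$type,$_POST['last_name'],$username ,$pass,$_POST['email'],$_POST['phone'],$_SESSION['id'] );
	  	}
	  	else
	  	{
	  		// Role 0 adding an admin or CEO: the record carries organization
	  		// details and an optional logo.
	  		$lname="";
	  		if (isset($_FILES["hlogo"])&&is_array($_FILES["hlogo"])
	  			&&isset($_FILES["hlogo"]["error"])&&$_FILES["hlogo"]["error"]===UPLOAD_ERR_OK
	  			&&isset($_FILES["hlogo"]["name"])&&is_string($_FILES["hlogo"]["name"]))
	  		{
	  			// The client-supplied file name is untrusted: keep only its last
	  			// path component, reduce the stem to a safe character set (dots
	  			// included, so no second extension survives) and accept only
	  			// image extensions. The logo directory is web-accessible, so a
	  			// file with a script extension must never be stored there.
	  			$clientName=basename(str_replace("\\","/",$_FILES["hlogo"]["name"]));
	  			$ext=strtolower(pathinfo($clientName,PATHINFO_EXTENSION));
	  			$stem=substr((string) preg_replace('/[^A-Za-z0-9_-]+/','_',pathinfo($clientName,PATHINFO_FILENAME)),0,64);
	  			if ($stem==="")
	  			{
	  				$stem="logo";
	  			}
	  			if (in_array($ext,array("jpg","jpeg","gif","png"),true))
	  			{
	  				// Avoid overwriting an existing logo. mt_rand() is used only
	  				// to find a free name, not as a secret.
	  				$target="./images/logos/".$stem.".".$ext;
	  				while(file_exists($target))
	  				{
	  					$stem=mt_rand(100,10000)."_".$stem;
	  					$target="./images/logos/".$stem.".".$ext;
	  				}
	  				// move_uploaded_file() refuses paths that are not genuine
	  				// uploads of this request, which rename() does not check.
	  				if (move_uploaded_file($_FILES["hlogo"]["tmp_name"],$target))
	  				{
	  					// Keep the file only if its content parses as an image
	  					// and the resize step succeeded.
	  					if (getimagesize($target)===false||!image_resize($target))
	  					{
	  						unlink($target);
	  					}
	  					else
	  					{
	  						$lname=$target;
	  					}
	  				}
	  			}
	  		}
	  		$sql= query("INSERT INTO apartments_owner(first_name ,role,last_name
	  		,username,password ,email,phone,orgnanization_name,logo,ophone,ofax,oweb) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)"
	  		,$_POST['first_name'],$type,$_POST['last_name'],$username ,$pass,$_POST['email'],$_POST['phone'],$_POST["hname"],$lname,$_POST["htel"],$_POST["hfax"],$_POST["hweb"]);
	  		// The new row's `id` is set to its own user_id.
	  		$id=query("getlastid");
	  		query("UPDATE `apartments_owner` SET
	  		`id` =?
	  		WHERE `user_id` =?",$id,$id);
	  	}

	  	$_SESSION['success_message'] = "تم اضافة المستخدم بنجاح"; 
	  	redirect("usersManage.php");
	  }
	  else
	  {
	  	$_SESSION['error_message']= "حدث خطأ";
	  	redirect("usersManage.php");
	  }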
?>